- 修复登陆成功后响应体包含的问题 - 修改了表的schema中字段username的编辑权限，防止用户通过clientDB绕过用户名不能重复的规则更新用户名的问题

0896f37d · DCloud_JSON · 88b0cf50 · 0896f37d · 0896f37d · 0896f37d
9 changed file
--- a/changelog.md
+++ b/changelog.md
+## 1.0.48（2021-08-10）
+- 修复登陆成功后响应体包含`userInfo.password`的问题
+- 修改了`uni-id-users`表的schema中字段username的编辑权限，防止用户通过clientDB绕过用户名不能重复的规则更新用户名的问题
 ## 1.0.47（2021-08-09）
 - 更新文档快速体验部署流程
 - 修复一键登陆优先时报变量找不到的问题

--- a/manifest.json
+++ b/manifest.json
@@ -181,7 +181,14 @@
    "enable": false
  },
  "h5": {
-    "template": ""
+    "template": "",
+    "sdkConfigs": {
+      "maps": {
+        "qqmap": {
+          "key": ""
+        }
+      }
+    }
  },
  "_spaceID": "",
  "vueVersion": "2"

--- a/package.json
+++ b/package.json
 {
 	"id": "uni-starter",
 	"displayName": "uni-starter",
-	"version": "1.0.47",
+	"version": "1.0.48",
 	"description": "云端一体应用快速开发基本项目模版",
 	"keywords": [
        "login",

--- a/uniCloud-aliyun/database/uni-id-users.schema.json
+++ b/uniCloud-aliyun/database/uni-id-users.schema.json
@@ -12,13 +12,19 @@
 			"bsonType": "string",
 			"title": "用户名",
 			"description": "用户名，不允许重复",
-			"trim": "both"
+			"trim": "both",
+			"permission":{
+				"write":false
+			}
 		},
 		"password": {
 			"bsonType": "password",
 			"title": "密码",
 			"description": "密码，加密存储",
-			"trim": "both"
+			"trim": "both",
+			"permission":{
+				"write":false
+			}
 		},
 		"password_secret_version": {
 			"bsonType": "int",

--- a/uni_modules/uni-id-cf/changelog.md
+++ b/uni_modules/uni-id-cf/changelog.md
+## 1.0.5（2021-08-10）
+- 修复登陆成功后响应体包含userInfo.password的问题
+- 新增微信登陆成功后，自动获取用户的微信昵称和头像完善用户个人资料
+## 1.0.4（2021-07-31）
+- 修复 登录日志在登录失败时不写入记录的 bug
+- 修复 写入记录登录是未传递 type 参数的 bug
 ## 1.0.3（2021-07-02）
 - 框架设定非 admin 不能创建用户, 用户可自定义
 ## 1.0.2（2021-07-01）

--- a/uni_modules/uni-id-cf/package.json
+++ b/uni_modules/uni-id-cf/package.json
 {
  "id": "uni-id-cf",
  "displayName": "uni-id-cf",
-  "version": "1.0.3",
+  "version": "1.0.5",
  "description": "uni-id-cf",
  "keywords": [
    "uni-id-cf",
@@ -70,6 +70,10 @@
        "快应用": {
          "华为": "u",
          "联盟": "u"
+        },
+        "Vue": {
+            "vue2": "y",
+            "vue3": "u"
        }
      }
    }

--- a/uni_modules/uni-id-cf/readme.md
+++ b/uni_modules/uni-id-cf/readme.md
-uni-id-cf是uni-id-uniCloudFunction的缩写。
+#### uni-id-cf是uni-id-uniCloudFunction的缩写。
-直接调用他内置的云函数，即可直接使用uni-id的各类api。
+#### 直接调用他内置的云函数，即可直接使用uni-id的各类api。
 含：登录注册（含用户名密码登录、手机号验证码登录、app一键登录、微信登录、Apple登录、微信小程序登录）、修改密码、忘记密码、退出登录等
-详细的使用方式见[uni-starter](https://ext.dcloud.net.cn/plugin?id=5057)
\ No newline at end of file
+> 详细的使用方式见[uni-starter](https://ext.dcloud.net.cn/plugin?id=5057)
\ No newline at end of file
--- a/uni_modules/uni-id-cf/uniCloud/cloudfunctions/uni-id-cf/index.js
+++ b/uni_modules/uni-id-cf/uniCloud/cloudfunctions/uni-id-cf/index.js
@@ -63,7 +63,7 @@ exports.main = async (event, context) => {
 	}
 	//禁止前台用户传递角色
-	if (action.slice(0,7) == "loginBy") {
+	if (action.slice(0, 7) == "loginBy") {
 		if (params.role) {
 			return {
 				code: 403,
@@ -75,8 +75,11 @@ exports.main = async (event, context) => {
 	//3.注册成功后创建新用户的积分表方法
 	async function registerSuccess(uid) {
 		//用户接受邀请
-		if(inviteCode){
+		if (inviteCode) {
-			await uniID.acceptInvite({inviteCode,uid});
+			await uniID.acceptInvite({
+				inviteCode,
+				uid
+			});
 		}
 		//添加当前用户设备信息
 		await db.collection('uni-id-device').add({
@@ -94,9 +97,6 @@ exports.main = async (event, context) => {
 	}
 	//4.记录成功登录的日志方法
 	const loginLog = async (res = {}) => {
-		if(res.code != 0){
-			return false
-		}
 		const now = Date.now()
 		const uniIdLogCollection = db.collection('uni-id-log')
 		let logData = {
@@ -107,24 +107,29 @@ exports.main = async (event, context) => {
 			create_date: now
 		};
-		Object.assign(logData,
+		if(res.code === 0){
-			res.code === 0 ? {
+			logData.user_id = res.uid
-				user_id: res.uid,
+			logData.state = 1
-				state: 1
+			if(res.userInfo&&res.userInfo.password){
-			} : {
+				delete res.userInfo.password
-				state: 0
+			}
-			})
 			if (res.type == 'register') {
 				await registerSuccess(res.uid)
 			} else {
 				if (Object.keys(deviceInfo).length) {
-				console.log(979797,{deviceInfo,user_id: res});
+					// console.log(979797, {
+					// 	deviceInfo,
+					// 	user_id: res
+					// });
 					//更新当前用户设备信息
 					await db.collection('uni-id-device').where({
 						user_id: res.uid
 					}).update(deviceInfo)
 				}
 			}
+		}else{
+			logData.state = 0
+		}
 		return await uniIdLogCollection.add(logData)
 	}
@@ -151,6 +156,11 @@ exports.main = async (event, context) => {
 			}
 			break;
 		case 'bindMobileBySms':
+			// console.log({
+			// 	uid: params.uid,
+			// 	mobile: params.mobile,
+			// 	code: params.code
+			// });
 			res = await uniID.bindMobile({
 				uid: params.uid,
 				mobile: params.mobile,
@@ -159,7 +169,9 @@ exports.main = async (event, context) => {
 			// console.log(res);
 			break;
 		case 'register':
-			var {username, password, nickname} = params
+			var {
+				username, password, nickname
+			} = params
 			if (/^1\d{10}$/.test(username)) {
 				return {
 					code: 401,
@@ -172,7 +184,12 @@ exports.main = async (event, context) => {
 					msg: '用户名不能是邮箱'
 				}
 			}
-			res = await uniID.register({username, password, nickname,inviteCode});
+			res = await uniID.register({
+				username,
+				password,
+				nickname,
+				inviteCode
+			});
 			if (res.code === 0) {
 				await registerSuccess(res.uid)
 			}
@@ -212,6 +229,7 @@ exports.main = async (event, context) => {
 					...params,
 					queryField: ['username', 'email', 'mobile']
 				});
+				res.type = 'login'
 				await loginLog(res);
 				needCaptcha = await getNeedCaptcha();
 			}
@@ -283,11 +301,11 @@ exports.main = async (event, context) => {
 			break;
 		case 'sendSmsCode':
 			/* -开始- 测试期间，为节约资源。统一虚拟短信验证码为： 123456；开启以下代码块即可  */
-				return uniID.setVerifyCode({
+			// return uniID.setVerifyCode({
-					mobile: params.mobile,
+			// 	mobile: params.mobile,
-					code: '123456',
+			// 	code: '123456',
-					type: params.type
+			// 	type: params.type
-				})
+			// })
 			/* -结束- */
 			// 简单限制一下客户端调用频率
@@ -392,10 +410,11 @@ exports.main = async (event, context) => {
 			}
 			break;
-			// -----------  admin api  -----------
+			// =========================== admin api start =========================
-		case 'registerAdmin':
+		case 'registerAdmin': {
 			var {
-				username, password
+				username,
+				password
 			} = params
 			let {
 				total
@@ -408,11 +427,30 @@ exports.main = async (event, context) => {
 					message: '超级管理员已存在，请登录...'
 				}
 			}
-			return uniID.register({
+			const appid = params.appid
+			const appName = params.appName
+			delete params.appid
+			delete params.appName
+			res = await uniID.register({
 				username,
 				password,
 				role: ["admin"]
 			})
+			if (res.code === 0) {
+				const app = await db.collection('opendb-app-list').where({
+					appid
+				}).count()
+				if (!app.total) {
+					await db.collection('opendb-app-list').add({
+						appid,
+						name: appName,
+						description: "admin 管理后台",
+						create_date: Date.now()
+					})
+				}
+			}
+		}
 		break;
 	case 'registerUser':
 		const {
@@ -426,21 +464,75 @@ exports.main = async (event, context) => {
 				message: '非法访问, 无权限注册超级管理员',
 			}
 		} else {
+			// 过滤 dcloud_appid，注册用户成功后再提交
+			const dcloudAppidList = params.dcloud_appid
+			delete params.dcloud_appid
 			res = await uniID.register({
+				autoSetDcloudAppid: false,
 				...params
 			})
 			if (res.code === 0) {
 				delete res.token
 				delete res.tokenExpired
+				await uniID.setAuthorizedAppLogin({
+					uid: res.uid,
+					dcloudAppidList
+				})
 			}
 		}
 		break;
+	case 'updateUser': {
+		const {
+			userInfo
+		} = await uniID.getUserInfo({
+			uid: params.uid
+		})
+		if (userInfo.role.indexOf('admin') === -1) {
+			res = {
+				code: 403,
+				message: '非法访问, 无权限注册超级管理员',
+			}
+		} else {
+			// 过滤 dcloud_appid，注册用户成功后再提交
+			const dcloudAppidList = params.dcloud_appid
+			delete params.dcloud_appid
+			// 过滤 password，注册用户成功后再提交
+			const password = params.password
+			delete params.password
+			// 过滤 uid、id
+			const id = params.id
+			delete params.id
+			delete params.uid
+			res = await uniID.updateUser({
+				uid: id,
+				...params
+			})
+			if (res.code === 0) {
+				if (password) {
+					await uniID.resetPwd({
+						uid: id,
+						password
+					})
+				}
+				await uniID.setAuthorizedAppLogin({
+					uid: id,
+					dcloudAppidList
+				})
+			}
+		}
+		break;
+	}
 	case 'getCurrentUserInfo':
-			res = uniID.getUserInfo({
+		res = await uniID.getUserInfo({
 			uid: params.uid,
 			...params
 		})
 		break;
+		// =========================== admin api end =========================
 	default:
 		res = {
 			code: 403,

--- a/uni_modules_tools/copy/manifest.json
+++ b/uni_modules_tools/copy/manifest.json
@@ -160,8 +160,15 @@
        "enable" : false
    },
    "h5" : {
-        "template" : ""
+        "template" : "",
+        "sdkConfigs" : {
+            "maps" : {
+                "qqmap" : {
+                    "key" : ""
+                }
+            }
+        }
    },
    "_spaceID" : "76ce2c5e-31c7-4d81-8fcf-ed1541ecbc6e",
-    "vueVersion" : "2"
+    "vueVersion" : "3"
 }